Fig Security breaks cover with $38M to help security teams adapt to change
For large organizations, analyzing data unlocks much more than new profit streams. Today’s enterprise tech stacks are staggeringly intricate, comprising dozens of tools that collaborate in unique ways—and small changes can trigger unpredictable downstream effects. That’s why data-stream analysis is essential: it helps you understand when, where, and why things break.
Yet security teams can’t wait for a fault to occur before acting. Think of an alarm that hasn’t sounded in a while—can you trust it to be reliable? The modern security stack is so dense that a minor tweak in one tool may ripple through the system, potentially undermining detection and response capabilities.
Fig Security, a startup founded by veterans of Israel’s cyber and data intelligence units 8200 and Mamram (visit: https://www.fig.security/), aims to address this by continuously monitoring the security stack. The goal is to determine whether rules, mitigation tools, and detection/response mechanisms are functioning correctly or have drifted off course due to changes. The company has just emerged from stealth with $38 million in seed and Series A funding, a TechCrunch exclusive reveals.
In essence, Fig’s technology traces data flows across the security stack—from original sources through data pipelines and data lakes to security orchestration and automation (SOAR) platforms—and alerts security teams if changes at any point degrade detection or response. The platform also enables you to simulate how new fixes, patches, or changes could impact the system before deployment.
“Rather than simply tracing data forward to its destination, we focus on detections—the true single source of truth,” explained Fig’s CEO and co-founder, Gal Shafir. “Detection or response is what you need to get right, so we backtrack the health and determine what must happen with the data to trigger detection when something occurs. We then alert the security team in real time if something looks inconsistent.”
Shafir describes Fig’s approach as sampling a company’s data as it moves through various tools in the infrastructure, then observing how it changes along the pipeline. This yields a real-time data lineage that reveals how upstream changes could disrupt downstream security tools.
Fig states it can connect with data links and Security Information and Event Management (SIEM) systems to enable seamless operation with a wide range of security tools and environments (learn more about SIEM here: https://www.paloaltonetworks.com/cyberpedia/what-is-siem).
TechCrunch events
San Francisco, CA | October 13–15, 2026
Fig’s debut arrives as enterprises continuously adapt in real time, with executives pressured to quantify how AI-powered tools can cut costs, reduce human error, and boost efficiency. The surge of tools, however, has made life harder for security teams. Which defenses should a chief information security officer (CISO) prioritize? What’s the optimal security posture as hackers leverage AI for more sophisticated attacks?
Before founding Fig, Shafir led Google Cloud Security’s global architecture team. He recalls meeting CISOs who, regardless of company size or budget, wondered, “AI is great, but can I trust my detections if I don’t trust the underlying data? How can I trust the AI that says everything is fine tomorrow if the data isn’t trustworthy today?”
That insight led Shafir and co-founders Nir Loya Dahan (CPO) and Roy Haimof (CTO) to the realization that a solution existed but was elusive: a complex landscape of vendors and infrastructure made it difficult to understand what’s actually happening on the ground.
“We recognized a major, clearly understood problem with no workable solution, given the fragmentation of vendors and the nature of modern infrastructure,” Shafir says. “That’s when we decided to build Fig.”
Since going public with its mission eight months ago, Fig has already secured sizable enterprise customers in the low double digits and expects to reach 50–100 by year’s end.
The funding will fuel North American expansion and a tripling of headcount in engineering and go-to-market teams.
Lead investors include Team8 and Ten Eleven Ventures, joined by security veterans such as Doug Merritt (former CEO of Splunk), Rene Bonvanie (former CMO of Palo Alto Networks), and the founders of Demisto and Siemplify.
Ram Iyer is a financial and tech reporter and editor who has covered North American and European M&A, equity, regulatory news, and debt markets for Reuters and Acuris Global, with additional writing on travel, entertainment, and books. You can reach Ram at ram.iyer@techcrunch.com.
